30.2. Gateways and Routes

Contributed by Coranth Gryphon.

For one machine to be able to find another over a network, there must be a mechanism in place to describe how to get from one to the other. This is called routing. A route is a defined pair of addresses: a destination and a gateway. The pair indicates that when trying to get to this destination, communicate through this gateway. There are three types of destinations: individual hosts, subnets, and default. The default route is used if none of the other routes apply. There are also three types of gateways: individual hosts, interfaces (also called links), and Ethernet hardware (MAC) addresses.

30.2.1. An Example

This example netstat(1) output illustrates several aspects of routing:

% netstat -r
Routing tables

Destination      Gateway            Flags     Refs     Use     Netif Expire

default          outside-gw         UGSc       37      418      ppp0
localhost        localhost          UH          0      181       lo0
test0            0:e0:b5:36:cf:4f   UHLW        5    63288       ed0     77
10.20.30.255     link#1             UHLW        1     2421
example.com      link#1             UC          0        0
host1            0:e0:a8:37:8:1e    UHLW        3     4601       lo0
host2            0:e0:a8:37:8:1e    UHLW        0        5       lo0 =>
host2.example.com link#1             UC          0        0
224              link#1             UC          0        0

The first two lines specify the default route, described in more detail in Section 30.2.2, “Default Routes”, and the localhost route.

The interface (Netif column) that this routing table specifies to use for localhost is lo0, also known as the loopback device. This says to keep all traffic for this destination internal, rather than sending it out over the network.

The addresses beginning with 0:e0: are Ethernet hardware addresses, also known as MAC addresses. FreeBSD will automatically identify any hosts, test0 in the example, on the local Ethernet and add a route for that host over the Ethernet interface, ed0. This type of route has a timeout, seen in the Expire column, which is used if the host does not respond in a specific amount of time. When this happens, the route to this host will be automatically deleted. These hosts are identified using the Routing Information Protocol (RIP), which calculates routes to local hosts based upon a shortest path determination.

FreeBSD will add subnet routes for the local subnet. 10.20.30.255 is the broadcast address for the subnet 10.20.30 and example.com is the domain name associated with that subnet. The designation link#1 refers to the first Ethernet card in the machine.

Local network hosts and local subnets have their routes automatically configured by a daemon called routed(8). If it is not running, only routes which are statically defined by the administrator will exist.

The host1 line refers to the host by its Ethernet address. Since it is the sending host, FreeBSD knows to use the loopback interface (lo0) rather than the Ethernet interface.

The two host2 lines represent aliases which were created using ifconfig(8). The => symbol after the lo0 interface says that an alias has been set in addition to the loopback address. Such routes only show up on the host that supports the alias; all other hosts on the local network will have a link#1 line for such routes.

The final line (destination subnet 224) deals with multicasting.

Finally, various attributes of each route can be seen in the Flags column. Below is a short table of some of these flags and their meanings:

UUp: The route is active.
HHost: The route destination is a single host.
GGateway: Send anything for this destination on to this remote system, which will figure out from there where to send it.
SStatic: This route was configured manually, not automatically generated by the system.
CClone: Generates a new route based upon this route for machines to connect to. This type of route is normally used for local networks.
WWasCloned: Indicated a route that was auto-configured based upon a local area network (Clone) route.
LLink: Route involves references to Ethernet hardware.

30.2.2. Default Routes

When the local system needs to make a connection to a remote host, it checks the routing table to determine if a known path exists. If the remote host falls into a subnet that it knows how to reach, the system checks to see if it can connect using that interface.

If all known paths fail, the system has one last option: the default route. This route is a special type of gateway route (usually the only one present in the system), and is always marked with a c in the flags field. For hosts on a local area network, this gateway is set to the system which has a direct connection to the Internet.

The default route for a machine which itself is functioning as the gateway to the outside world, will be the gateway machine at the Internet Service Provider (ISP).

This example is a common configuration for a default route:

The hosts Local1 and Local2 are on the local network. Local1 is connected to an ISP using a PPP connection. This PPP server is connected through a local area network to another gateway computer through an external interface to the ISP.

The default routes for each machine will be:

HostDefault GatewayInterface
Local2Local1Ethernet
Local1T1-GWPPP

A common question is Why is T1-GW configured as the default gateway for Local1, rather than the ISP server it is connected to?.

Since the PPP interface is using an address on the ISP's local network for the local side of the connection, routes for any other machines on the ISP's local network will be automatically generated. The system already knows how to reach the T1-GW machine, so there is no need for the intermediate step of sending traffic to the ISP's server.

It is common to use the address X.X.X.1 as the gateway address for the local network. So, if the local class C address space is 10.20.30 and the ISP is using 10.9.9, the default routes would be:

HostDefault Route
Local2 (10.20.30.2)Local1 (10.20.30.1)
Local1 (10.20.30.1, 10.9.9.30)T1-GW (10.9.9.1)

The default route can be easily defined in /etc/rc.conf. In this example, on Local2, add the following line to /etc/rc.conf:

defaultrouter="10.20.30.1"

It is also possible to add the route directly using route(8):

# route add default 10.20.30.1

For more information on manual manipulation of network routing tables, refer to route(8).

30.2.3. Dual Homed Hosts

A a dual-homed system is a host which resides on two different networks.

The dual-homed machine might have two Ethernet cards, each having an address on a separate subnet. Alternately, the machine can have one Ethernet card and uses ifconfig(8) aliasing. The former is used if two physically separate Ethernet networks are in use and the latter if there is one physical network segment, but two logically separate subnets.

Either way, routing tables are set up so that each subnet knows that this machine is the defined gateway (inbound route) to the other subnet. This configuration, with the machine acting as a router between the two subnets, is often used to implement packet filtering or firewall security in either or both directions.

For this machine to forward packets between the two interfaces, FreeBSD must be configured as a router, as demonstrated in the next section.

30.2.4. Building a Router

A network router is a system that forwards packets from one interface to another. Internet standards and good engineering practice prevent the FreeBSD Project from enabling this by default in FreeBSD. This feature can be enabled by changing the following variable to YES in rc.conf(5):

gateway_enable="YES"          # Set to YES if this host will be a gateway

This option will set the sysctl(8) variable net.inet.ip.forwarding to 1. To stop routing, reset this to 0.

The new router will need routes to know where to send the traffic. If the network is simple enough, static routes can be used. FreeBSD comes with the standard BSD routing daemon routed(8), which speaks RIP versions 1 and 2, and IRDP. Support for BGPv4, OSPFv2, and other sophisticated routing protocols is available with the net/zebra package or port.

30.2.5. Setting Up Static Routes

Contributed by Al Hoang.

30.2.5.1. Manual Configuration

Consider the following network:

In this scenario, RouterA is a FreeBSD machine that is acting as a router to the rest of the Internet. It has a default route set to 10.0.0.1 which allows it to connect with the outside world. RouterB is already configured properly as it uses 192.168.1.1 as the gateway.

The routing table on RouterA looks something like this:

% netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif  Expire
default            10.0.0.1           UGS         0    49378    xl0
127.0.0.1          127.0.0.1          UH          0        6    lo0
10.0.0.0/24        link#1             UC          0        0    xl0
192.168.1.0/24     link#2             UC          0        0    xl1

With the current routing table, RouterA cannot reach Internal Net 2 as it does not have a route for 192.168.2.0/24. The following command adds the Internal Net 2 network to RouterA's routing table using 192.168.1.2 as the next hop:

# route add -net 192.168.2.0/24 192.168.1.2

Now RouterA can reach any hosts on the 192.168.2.0/24 network.

30.2.5.2. Persistent Configuration

The above example configures a static route on a running system. However, the routing information will not persist if the FreeBSD system reboots. Persistent static routes can be entered in /etc/rc.conf:

# Add Internal Net 2 as a static route
static_routes="internalnet2"
route_internalnet2="-net 192.168.2.0/24 192.168.1.2"

The static_routes configuration variable is a list of strings separated by a space, where each string references a route name. This example only has one string in static_routes, internalnet2. The variable route_internalnet2 contains all of the configuration parameters to route(8). This example is equivalent to the command:

# route add -net 192.168.2.0/24 192.168.1.2

Using more than one string in static_routes creates multiple static routes. The following shows an example of adding static routes for the 192.168.0.0/24 and 192.168.1.0/24 networks:

static_routes="net1 net2"
route_net1="-net 192.168.0.0/24 192.168.0.1"
route_net2="-net 192.168.1.0/24 192.168.1.1"

30.2.6. Routing Propagation

When an address space is assigned to a network, the service provider configures their routing tables so that all traffic for the network will be sent to the link for the site. But how do external sites know to send their packets to the network's ISP?

There is a system that keeps track of all assigned address spaces and defines their point of connection to the Internet backbone, or the main trunk lines that carry Internet traffic across the country and around the world. Each backbone machine has a copy of a master set of tables, which direct traffic for a particular network to a specific backbone carrier, and from there down the chain of service providers until it reaches your network.

It is the task of the service provider to advertise to the backbone sites that they are the point of connection, and thus the path inward, for a site. This is known as route propagation.

30.2.7. Troubleshooting

Sometimes, there is a problem with routing propagation and some sites are unable to connect. Perhaps the most useful command for trying to figure out where routing is breaking down is traceroute(8). It is useful when ping(8) fails.

When using traceroute(8), include the name of the remote host to connect to. The output will show the gateway hosts along the path of the attempt, eventually either reaching the target host, or terminating because of a lack of connection.

For more information, refer to traceroute(8).

30.2.8. Multicast Routing

FreeBSD natively supports both multicast applications and multicast routing. Multicast applications do not require any special configuration of FreeBSD; as applications will generally run out of the box. Multicast routing requires that support be compiled into a custom kernel:

options MROUTING

The multicast routing daemon, mrouted(8), must be configured to set up tunnels and DVMRP via /etc/mrouted.conf. More details on multicast configuration may be found in mrouted(8).

Note:

The mrouted(8) multicast routing daemon implements the DVMRP multicast routing protocol, which has largely been replaced by pim(4) in many multicast installations. mrouted(8) and the related map-mbone(8) and mrinfo(8) utilities are available in the FreeBSD Ports Collection as net/mrouted.

All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/

Questions that are not answered by the documentation may be sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.